Security risk with '_kerberos.FQDN'? (Was: One DNS domain - three realms ?)
Turbo Fredriksson
turbo at bayour.com
Tue Jun 7 06:01:39 EDT 2005
Quoting Ken Raeburn <raeburn at mit.edu>:
> There is also an option "dns_lookup_realm" in the "libdefaults"
> section of the config file which, if turned on, will cause a DNS TXT
> record _kerberos.<FQDN> to be checked and, if it's found, the result
> used as the realm name for the host <FQDN>. However, this option is
> turned off by default as it introduces a security risk.
Could you please elaborate or point me to a page that explains this?
I've never heard of it before (I haven't been paying attention to
this list for the last couple of months :).
More information about the Kerberos
mailing list